CVE-2004-0457 — Oracle Mysql vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 70.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql

Timeline

PublishedSep 28

Latest updateApr 29

Description

The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/mysql4.0.20

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8mmc-rxvx-8vhr: The mysqlhotcopy script in mysql 4↗2022-04-29

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-08-18

▶

💬Community

Bugzilla

CVE-2004-0457 security flaw↗2018-08-16

▶